/// <summary> /// Constructor /// </summary> /// <param name="LinkLayerType"> /// A <see cref="LinkLayers"/> /// </param> /// <param name="Timeval"> /// A <see cref="PosixTimeval"/> /// </param> /// <param name="Data"> /// A <see cref="System.Byte"/> /// </param> public Frame(LinkLayerType linkLayerType, PosixTime posixTime, byte[] bytes) { this.LinkLayer = linkLayerType; this.Timestamp = posixTime; this.m_data = bytes; }
void ReadHeader() { var magicNumber = m_reader.ReadUInt32(); var version_major = m_reader.ReadUInt16(); var version_minor = m_reader.ReadUInt16(); var thiszone = m_reader.ReadInt32(); var sigfigs = m_reader.ReadUInt32(); var snaplen = m_reader.ReadUInt32(); m_network = (LinkLayerType)m_reader.ReadUInt32(); }
private void buttonSaveAll_Click(object sender, EventArgs e) { List <Raw> allRawCaptures = packetListView1.GetAllRawCaptures(); if (allRawCaptures.Count == 0) { return; } LinkLayerType layer = allRawCaptures.First().LinkLayer; if (!allRawCaptures.TrueForAll(raw => raw.LinkLayer == layer)) { MessageBox.Show( "The contained data consists of different Link Layer types, please use PCAPNG format instead"); } var saveFileDialog = new SaveFileDialog { AddExtension = true, DefaultExt = "pcap" }; DialogResult dialogResult = saveFileDialog.ShowDialog(); if (dialogResult != DialogResult.OK) { return; } using (var pcapWriter = new sonesson_tools.FileWriters.PCAPWriter(saveFileDialog.FileName)) { pcapWriter.LinkLayerType = (uint)layer; pcapWriter.Start(); foreach (Raw raw in allRawCaptures) { pcapWriter.WritePacket(raw.RawData, raw.TimeStamp); } } // TODO FOR TEST ONLY //using (var fstream = new FileStream(saveFileDialog.FileName + ".binary", FileMode.OpenOrCreate, FileAccess.Write)) //{ // var bWriter = new BinaryFormatter(); // bWriter.Serialize(fstream, allRawCaptures); //} // //using (var fstream2 = new FileStream(saveFileDialog.FileName + ".binary2", FileMode.OpenOrCreate, FileAccess.Write)) //{ // var bWriter2 = new BinaryFormatter(); // var capturePacket = packetListView1.GetAllPackets().First(p => p.ParsedData != null); // bWriter2.Serialize(fstream2, packetListView1.GetAllPackets()); //} }
public RawTemplateControl() { InitializeComponent(); foreach (KeyValuePair <string, LinkLayerType> nameAndType in _map) { LinkLayerType type = nameAndType.Value; string name = nameAndType.Key; string label = $"{(int) type} {name}"; linkLayersBox.Items.Add(label); } // Setting default to Ethernet linkLayersBox.SelectedIndex = (int)LinkLayerType.Ethernet; }
private void linkLayerTextBox_TextChanged(object sender, EventArgs e) { PacketChanged?.Invoke(this, new EventArgs()); // Trying to resolve the PPID so the use know what protocol wireshark is going to try try { _linkLayer = ParseLinkLayer(linkLayerTextBox.Text); if (!Enum.IsDefined(typeof(LinkLayerType), _linkLayer)) { resProtoValueLabel.Text = "Unassigned"; } else { resProtoValueLabel.Text = _linkLayer.ToString(); } } catch { resProtoValueLabel.Text = "ERROR"; } }
public TempPacketSaveData(byte[] data, LinkLayerType linkLayer) { Data = data; LinkLayer = linkLayer; }
internal PacketReader(PcapHandle handle) { this.handle = handle; linkLayerType = (LinkLayerType)NativeMethods.pcap_datalink(handle); }
public void ReplacePacket(int index, LinkLayerType missing_name, byte[] data) { throw new NotImplementedException(); }
public void AppendPacket(LinkLayerType linkLayer, byte[] data) { // TODO: ?? }
public void ReplacePacket(LinkLayerType link, byte[] data) { throw new NotImplementedException(); }
public Raw(DateTime timeStamp, byte[] rawData, LinkLayerType layer) { TimeStamp = timeStamp; RawData = rawData; LinkLayer = layer; }
public CapturePacket(Raw raw) { //RawCapture = raw; Date = raw.TimeStamp; _linkLayerType = raw.LinkLayer; try { Packet = Packet.ParsePacket((LinkLayers)raw.LinkLayer, raw.RawData); } catch (Exception e) { Error = e.Message; } if (Packet == null) { return; } // protect against corrupted data with a try read try { var throwaway = Packet.Bytes.Length + Packet.HeaderData.Length; } catch (Exception e) { _protocolinfo = "Malformed Packet or Header"; this.Error = "Malformed Packet or Header"; return; } if (Packet.PayloadPacket is IPv4Packet) { var ipv4 = (IPv4Packet)Packet.PayloadPacket; switch (ipv4.Protocol) { case PacketDotNet.ProtocolType.Tcp: var tcpPacket = (TcpPacket)ipv4.PayloadPacket; Protocol = ProtocolType.TCP; // catch a semi-rare error in PacketDotNet that cannot be checked against try { if (tcpPacket.PayloadData.Length == 0) { break; } } catch (Exception e) { Error = e.Message; break; } if ((tcpPacket.DestinationPort == 50039 || tcpPacket.DestinationPort == 50040) && tcpPacket.PayloadData.Length > 0) { Protocol = ProtocolType.JRU; try { var ss27 = ExtractSS27Packet(tcpPacket); DisplayFields.Add(new Tuple <string, object>("time", ss27.DateTime)); if (ss27.Events.Count == 0) { // if there is no event, chuck some other data in there, maybe // ParsedData = new ParsedDataSet() { ParsedFields = new List<ParsedField>(ss27.Header) }; } else { // TODO FIX THIS SO IT WORKS ss27.Events.ForEach(e => DisplayFields.Add(new Tuple <string, object>(e.EventType.ToString(), e.Description))); } this.SS27Packet = ss27; } catch (Exception e) { Error = e.Message; } } if (tcpPacket.SourcePort == 50041 && tcpPacket.PayloadData.Length > 0) { Protocol = ProtocolType.JRU; var jruload = tcpPacket.PayloadData; try { ushort jrulen = BitConverter.ToUInt16(new byte[] { jruload[1], jruload[0] }, 0); var buffer = new byte[jrulen]; Array.Copy(jruload, 2, buffer, 0, jrulen); ParsedData = VSIS210.JRU_STATUS.Parse(buffer); } catch (Exception e) { Error = e.Message; } } break; case PacketDotNet.ProtocolType.Udp: Protocol = ProtocolType.UDP; var udp = (UdpPacket)ipv4.PayloadPacket; if (udp == null) { _protocolinfo = "Malformed UDP"; this.Error = "Malformed UDP"; return; } // protect against corrupted data with a try read try { var throwaway = udp.DestinationPort + udp.SourcePort + udp.Length + udp.Checksum; } catch (Exception e) { _protocolinfo = "Malformed UDP"; this.Error = "Malformed UDP"; return; } if (udp.SourcePort == 123 && udp.DestinationPort == 123) { Protocol = ProtocolType.NTP; } else if (Equals(ipv4.SourceAddress, VapAddress)) { if (udp.DestinationPort == 50023) { _protocolinfo = "VAP->ETC (TR)"; } else if (udp.DestinationPort == 50030) { _protocolinfo = "VAP->ETC (DMI1 to ETC)"; } else if (udp.DestinationPort == 50031) { _protocolinfo = "VAP->ETC (DMI2 to ETC)"; } else if (udp.DestinationPort == 50032) { _protocolinfo = "VAP->ETC (DMI1 to iSTM)"; } else if (udp.DestinationPort == 50033) { _protocolinfo = "VAP->ETC (DMI2 to iSTM)"; } else if (udp.DestinationPort == 50051) { _protocolinfo = "VAP->ETC (DMI1 to gSTM)"; } else if (udp.DestinationPort == 50052) { _protocolinfo = "VAP->ETC (DMI2 to gSTM)"; } else if (udp.DestinationPort == 50024) { _protocolinfo = "VAP->ETC (DMI1 EVC-102)"; } else if (udp.DestinationPort == 50025) { _protocolinfo = "VAP->ETC (DMI2 EVC-102)"; } else if (udp.DestinationPort == 50039) { _protocolinfo = "VAP->ETC (STM to JRU)"; } else if (udp.DestinationPort == 50041) { _protocolinfo = "VAP->ETC (JRU Status)"; } else if (udp.DestinationPort == 50050) { _protocolinfo = "VAP->ETC (VAP Status)"; } else if (udp.DestinationPort == 50015) { Protocol = ProtocolType.UDP_SPL; _protocolinfo = "VAP->OPC (DMI to STM)"; } else if (udp.DestinationPort == 5514) { _protocolinfo = "VAP->BDS (VAP Diag)"; } } else if (Equals(ipv4.DestinationAddress, VapAddress)) { if (udp.DestinationPort == 50022) { _protocolinfo = "ETC->VAP (OBU)"; } else if (udp.DestinationPort == 50026) { _protocolinfo = "ETC->VAP (ETC to DMI1)"; } else if (udp.DestinationPort == 50027) { _protocolinfo = "ETC->VAP (ETC to DMI2)"; } else if (udp.DestinationPort == 50037) { _protocolinfo = "ETC->VAP (EVC-1&7)"; } else if (udp.DestinationPort == 50035) { _protocolinfo = "ETC->VAP (EVC-1&7)"; } else if (udp.DestinationPort == 50028) { _protocolinfo = "ETC->VAP (iSTM to DMI1)"; } else if (udp.DestinationPort == 50029) { _protocolinfo = "ETC->VAP (iSTM to DMI2)"; } else if (udp.DestinationPort == 50055) { _protocolinfo = "ETC->VAP (gSTM to DMI1)"; } else if (udp.DestinationPort == 50056) { _protocolinfo = "ETC->VAP (gSTM to DMI2)"; } else if (udp.DestinationPort == 50034) { _protocolinfo = "ETC->VAP (to JRU)"; } else if (udp.DestinationPort == 50057) { _protocolinfo = "ETC->VAP (VAP Config)"; } else if (udp.DestinationPort == 50014) { Protocol = ProtocolType.UDP_SPL; _protocolinfo = "OPC->VAP"; var payload = udp.PayloadData; var spl = VAP.UDP_SPL.Parse(payload); this.DisplayFields = spl.ParsedFields.Select(f => new Tuple <string, object>(f.Name, f.Value)).ToList(); if (spl.ParsedFields.Last().Value.Equals("C9")) { var nextBytes = Functions.SubArrayGetter(payload, 81); var stm = VAP.STM_Packet.Parse(nextBytes); DisplayFields.AddRange(stm.ParsedFields.Select(f => new Tuple <string, object>(f.Name, f.Value)).ToList()); } } else if (udp.DestinationPort == 50036) { _protocolinfo = "BDS->VAP (Diag)"; } else if (udp.DestinationPort == 50070) { _protocolinfo = "ETC->VAP (ATO)"; } else if (udp.DestinationPort == 50068) { _protocolinfo = "ETC->VAP (ATO)"; } else if (udp.DestinationPort == 50072) { _protocolinfo = "ETC->VAP (ATO)"; } } try { IPTWPPacket = IPTWPPacket.Extract(udp); } catch (Exception e) { Error = e.Message; } if (IPTWPPacket != null) { Protocol = ProtocolType.IPTWP; } break; case PacketDotNet.ProtocolType.Icmp: Protocol = ProtocolType.ICMP; // dunno break; case PacketDotNet.ProtocolType.Igmp: Protocol = ProtocolType.IGMP; // dunno break; default: throw new ArgumentOutOfRangeException(); } } else if (Packet.PayloadPacket is ArpPacket arpPacket) { Protocol = ProtocolType.ARP; } else if (Packet.PayloadPacket is IPv6Packet) { Protocol = ProtocolType.IPv6; // ignore, for now } else if (raw.LinkLayer == LinkLayerType.Ethernet && Packet.HeaderData[12] == 0x88 && Packet.HeaderData[13] == 0xe1) { Protocol = ProtocolType.HomeplugAV; // ignore } else if (raw.LinkLayer == LinkLayerType.Ethernet && Packet.HeaderData[12] == 0x89 && Packet.HeaderData[13] == 0x12) { Protocol = ProtocolType.Mediaxtream; // ignore } else if (raw.LinkLayer == LinkLayerType.Ethernet && Packet.HeaderData[12] == 0x88 && Packet.HeaderData[13] == 0xcc) { Protocol = ProtocolType.LLDP; // ignore } else { Protocol = ProtocolType.UNKNOWN; #if DEBUG // if we are in debug, we might want to know what is in the unknown // throw new NotImplementedException("Surprise data! " + BitConverter.ToString(packet.Bytes)); #endif } var extractParsedData = ExtractParsedData(this, out var displayfields); this.DisplayFields.AddRange(displayfields); this.ParsedData = extractParsedData; }
public static PacketSaveData GetPacketSaveData(string hex, HexStreamType streamType, LinkLayerType linkType, string streamId, string ppId, string ext = "") { string linkTypeStr = ((byte)linkType).ToString(); return(GetPacketSaveData(hex, streamType, linkTypeStr, streamId, ppId, ext)); }
/// <summary> /// Gets the flow key for supported frame (not only Ethernet). It uses PacketDotNet library. /// </summary> /// <param name="linkLayer">Link Layer of the Frame.</param> /// <param name="bytes">Bytes of the frame.</param> /// <returns><see cref="FlowKey"/> for the provided frame.</returns> public static FlowKey GetKey(LinkLayerType linkLayer, byte[] bytes) { var packet = PacketDotNet.Packet.ParsePacket((PacketDotNet.LinkLayers)linkLayer, bytes); return(PacketKeyProvider.GetKeyFromPacket(packet)); }